558 matches found

Cvelist
added 2018/08/28 5:0 p.m., 24 views

CVE-2014-6046

Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4)...

AI score: 9.2, EPSS: 0.00237
Exploits: 0, References: 2

Cvelist
added 2018/08/07 7:0 a.m., 16 views

CVE-2018-15129

ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter...

AI score: 5.3, EPSS: 0.00206
Exploits: 1, References: 1

Prion
added 2018/06/19 7:29 p.m., 16 views

Input validation

The plugin "WordPress Comments Import & Export" for WordPress v2.0.4 and before is vulnerable to CSV Injection...

CVSS: 6.8, AI score: 7.5, EPSS: 0.0213
Exploits: 5, References: 3, Affected Software: 1

NVD
added 2018/06/19 7:29 p.m., 29 views

CVE-2018-11526

The plugin "WordPress Comments Import & Export" for WordPress v2.0.4 and before is vulnerable to CSV Injection...

CVSS: 7.8, AI score: 7.6, EPSS: 0.0213
Exploits: 5, References: 3

CVE
added 2018/06/19 7:0 p.m., 66 views

CVE-2018-11526

CVE-2018-11526 affects the WordPress plugin Comments Import & Export (versions 2.0.4 and earlier). The vulnerability is a CSV injection flaw in the plugin when exporting data, enabling an attacker to inject commands via form fields. Public PoCs and exploit resources describe a remote command exec...

CVSS: 7.8, AI score: 7.5, EPSS: 0.0213
Exploits: 5, References: 3, Affected Software: 1

Vulnerability Lab
added 2018/06/14 12:0 a.m., 64 views

Shopify - (Comments) Cross Site Scripting Vulnerability

Document Title: Shopify - Comments Cross Site Scripting Vulnerability
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1551
Release Date: 2018-06-14
Vulnerability Laboratory ID (VL-ID): 1551...

AI score: 0.3
Exploits: 0

Vulnerability Lab
added 2018/06/13 12:0 a.m., 38 views

Shopify - (Comments) Cross Site Scripting Vulnerability

Document Title: Shopify - Comments Cross Site Scripting Vulnerability
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1551
Release Date: 2018-06-13
Vulnerability Laboratory ID (VL-ID): 1551...

AI score: 7.4
Exploits: 0

Prion
added 2018/05/29 1:29 p.m., 20 views

Authentication flaw

Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, A...

CVSS: 7.5, AI score: 9.4, EPSS: 0.0408
Exploits: 0, References: 3, Affected Software: 2

NVD
added 2018/05/29 1:29 p.m., 20 views

CVE-2018-5241

Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, A...

CVSS: 9.8, AI score: 9.6, EPSS: 0.0408
Exploits: 0, References: 3

Cvelist
added 2018/05/29 1:0 p.m., 9 views

CVE-2018-5241

Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, A...

AI score: 9.6, EPSS: 0.0408
Exploits: 0, References: 3

FreeBSD
added 2018/04/04 12:0 a.m., 23 views

Gitlab -- multiple vulnerabilities

GitLab reports: Confidential issue comments in Slack, Mattermost, and webhook integrations. Persistent XSS in milestones data-milestone-id. Persistent XSS in filename of merge request...

AI score: 4
Exploits: 0, References: 1

OpenVAS
added 2018/03/20 12:0 a.m., 29 views

WordPress Disable Comments Plugin < 1.0.4 CSRF Vulnerability

The WordPress plugin Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

CVSS: 8.8, AI score: 8.9, EPSS: 0.00151
Exploits: 1, References: 1

Cvelist
added 2018/03/19 9:0 p.m., 14 views

CVE-2014-2550

Cross-site request forgery (CSRF) vulnerability in the Disable Comments plugin before 1.0.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that enable comments via a request to the disablecommentssettings page to wp-admin/options-general.php...

AI score: 9, EPSS: 0.00151
Exploits: 1, References: 3

NVD
added 2018/03/01 11:29 p.m., 19 views

CVE-2017-6926

In Drupal 8.4.x versions before 8.4.5, users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content. This vulnerability is mitigated by the fact that the comment system must be enabled and the...

CVSS: 8.1, AI score: 7.8, EPSS: 0.00366
Exploits: 1, References: 1

CVE
added 2018/03/01 10:0 p.m., 132 views

CVE-2017-6926

CVE-2017-6926 affects Drupal 8.4.x before 8.4.5, where users with permission to post comments can view content and comments they do not have access to and add comments to that content. The issue’s underlying cause is tied to Drupal’s comment system behavior; mitigations are stated as requiring the comment sys...

CVSS: 8.1, AI score: 7.6, EPSS: 0.00366
Exploits: 1, References: 1, Affected Software: 1

Packet Storm
added 2018/02/27 12:0 a.m., 52 views

Concrete5 Username / Comments Enumeration

!/usr/bin/env python3 Concrete5 8.3 vulnerable to Authorization Bypass Through User-Controlled Key IDOR CVE-2017-18195 Chapman R3naissance Schleiss from queue import Queue from threading import Thread from bs4 import BeautifulSoup from tabulate import tabulate import argparse import requests impo...

AI score: 5.8, EPSS: 0.07176
Exploits: 6

Cvelist
added 2018/02/26 5:0 p.m., 24 views

CVE-2017-18195

An issue was discovered in tools/conversations/viewajax.php in Concrete5 before 8.3.0. An unauthenticated user can enumerate comments from all blog posts by POSTing requests to /index.php/tools/required/conversations/viewajax with incremental 'cnvID' integers...

AI score: 5.2, EPSS: 0.07176
Exploits: 6, References: 4

CVE
added 2018/02/26 5:0 p.m., 73 views

CVE-2017-18195

Concrete5

CVSS: 5.3, AI score: 5.1, EPSS: 0.07176
Exploits: 6, References: 4, Affected Software: 1

Prion
added 2018/01/29 7:29 p.m., 16 views

Design/Logic Flaw

Several REST inline action resources of Atlassian Activity Streams before version 6.3.0 allow remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do not have access to, although th...

CVSS: 5.5, AI score: 6.9, EPSS: 0.00117
Exploits: 0, References: 2, Affected Software: 1

exploitpack
added 2018/01/08 12:0 a.m., 19 views

Vanilla 2.1.5 - Cross-Site Request Forgery

Exploit Title: CSRF vulnerabilities in Vanilla Forums below 2.1.5-CVE-2017-1000432
Google Dork: NA
Date: 7/1/2018
Contact: https://twitter.com/anandm47
website: https://anandtechzone.blogspot.in
Exploit Author: Anand Meyyappan
Vendor Homepage:...

CVSS: 6, AI score: 1, EPSS: 0.00238
Exploits: 5